Remote Code Execution Vulnerabilities in Joomla

Systems Affected

Threat Level

Overview

Two vulnerabilities have been reported in Joomla! which could be exploited by remote attacker to obtain data from targeted systems user session to disclose sensitive information.

Description

These vulnerabilities exist in Joomla! Due to the improper sanitization of browser information while saving the session details into the database.

Successful exploitation of this vulnerability could allow a remote attacker to execute code on the targeted system.

Impact

Solution/ Workarounds

Upgrade to latest version of Joomla! CMS 3.4.6 and Joomla! Framework Session package version 1.3.1

https://www.joomla.org/download.html

References

http://www.cert-in.org.in/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.